package de.twenty11.skysail.server.security.shiro.session.mgt;
import java.io.Serializable;
import org.apache.shiro.session.ExpiredSessionException;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.DefaultSessionManager;
import org.apache.shiro.session.mgt.SessionContext;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.apache.shiro.web.servlet.ShiroHttpSession;
import org.apache.shiro.web.session.mgt.WebSessionManager;
import org.restlet.Request;
import org.restlet.Response;
import org.restlet.data.CookieSetting;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import de.twenty11.skysail.server.security.shiro.util.RestletUtils;
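/**
 * Shiro {@link WebSessionManager} backed by a Restlet request/response pair.
 *
 * <p>The session ID is carried in a cookie: it is written to the {@link Response} when a session is
 * started and read back from the {@link Request} cookies on later calls. When a session is stopped,
 * expired or otherwise invalidated, the cookie is expired on the client (re-sent with a max-age of
 * zero) so that a stale session ID is not presented again, and the "referenced session ID is valid"
 * request attribute is cleared.
 *
 * <p>Only the cookie is consulted as the session-ID source; URL-rewritten session IDs (path-segment or
 * query parameters) are deliberately not supported.
 */
public class SkysailWebSessionManager extends DefaultSessionManager implements WebSessionManager {

    private static final Logger logger = LoggerFactory.getLogger(SkysailWebSessionManager.class);

    /** Lifetime, in seconds, of the session-ID cookie as sent to the client. */
    private static final int SESSION_COOKIE_MAX_AGE_SECONDS = 300;

    /** The session-ID cookie applies to the whole application. */
    private static final String SESSION_COOKIE_PATH = "/";

    private static final String SESSION_COOKIE_COMMENT = "Skysail cookie-based authentication";

    public SkysailWebSessionManager() {
        logger.info("creating new SkysailWebSessionManager");
    }

    /** Sessions are managed natively by Shiro, never by a servlet container. */
    @Override
    public boolean isServletContainerSessions() {
        return false;
    }

    /**
     * Stores the session's ID as a cookie on the response so it is associated with future requests.
     *
     * @param session the session that was just {@link #createSession created}
     * @param context the context the session was created from; if it does not yield a Restlet
     *        request/response pair, no cookie can be set and the call is a no-op
     */
    @Override
    protected void onStart(Session session, SessionContext context) {
        Request request = RestletUtils.getRequest(context);
        Response response = RestletUtils.getResponse(context);
        if (request == null || response == null) {
            logger.debug("SessionContext has no Restlet request/response pair; no session ID cookie will be set.");
            return;
        }
        storeSessionId(session.getId(), request, response);
    }

    /**
     * Resolves the session ID from the key, falling back to the session-ID cookie of the Restlet
     * request when the key itself does not carry an ID.
     *
     * @param key the session key to resolve
     * @return the session ID, or {@code null} if neither the key nor the cookie provides one
     */
    @Override
    public Serializable getSessionId(SessionKey key) {
        Serializable id = super.getSessionId(key);
        if (id != null || !RestletUtils.isRestlet(key)) {
            return id;
        }
        return getSessionId(RestletUtils.getRequest(key), RestletUtils.getResponse(key));
    }

    /**
     * Reads the session ID from the request's session-ID cookie.
     *
     * @param request the current Restlet request; may be {@code null}
     * @param response the current Restlet response; unused, kept for symmetry with the Shiro API
     * @return the cookie value, or {@code null} if no session-ID cookie is present
     */
    protected Serializable getSessionId(Request request, Response response) {
        return getSessionIdCookieValue(request);
    }

    @Override
    protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key) {
        super.onExpiration(s, ese, key);
        onReferencedSessionInvalid(key);
    }

    @Override
    protected void onInvalidation(Session session, InvalidSessionException ise, SessionKey key) {
        super.onInvalidation(session, ise, key);
        onReferencedSessionInvalid(key);
    }

    /**
     * Expires the client's session-ID cookie once the session has been stopped (subject logout or
     * explicit stop), so the stale ID is not sent with later requests.
     */
    @Override
    protected void onStop(Session session, SessionKey key) {
        super.onStop(session, key);
        removeSessionIdCookie(RestletUtils.getResponse(key));
    }

    /**
     * Clears the "referenced session ID is valid" marker on the request and expires the client's
     * session-ID cookie. Both steps tolerate a key that is not bound to a Restlet exchange.
     */
    private void onReferencedSessionInvalid(SessionKey key) {
        Request request = RestletUtils.getRequest(key);
        if (request != null) {
            request.getAttributes().remove(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID);
        }
        removeSessionIdCookie(RestletUtils.getResponse(key));
    }

    /**
     * Writes the session ID to the response as the session-ID cookie.
     *
     * @throws IllegalArgumentException if {@code currentId} is {@code null}
     */
    private void storeSessionId(Serializable currentId, Request request, Response response) {
        if (currentId == null) {
            throw new IllegalArgumentException("sessionId cannot be null when persisting for subsequent requests.");
        }
        // The ID itself is deliberately not logged: it is a bearer credential.
        CookieSetting cookie = newSessionIdCookie(currentId.toString(), SESSION_COOKIE_MAX_AGE_SECONDS);
        response.getCookieSettings().add(cookie);
    }

    /**
     * Expires the session-ID cookie on the client by re-sending it with a max-age of zero.
     *
     * @param response the current Restlet response; {@code null} when no exchange is bound to the key,
     *        in which case nothing can be removed
     */
    private void removeSessionIdCookie(Response response) {
        if (response == null) {
            logger.debug("No Restlet response available; session ID cookie cannot be removed.");
            return;
        }
        response.getCookieSettings().add(newSessionIdCookie("", 0));
    }

    /**
     * Reads the value of the session-ID cookie from the request.
     *
     * @return the cookie value, or {@code null} if there is no request or no such cookie
     */
    private String getSessionIdCookieValue(Request request) {
        if (request == null) {
            logger.debug("No Restlet request available - cannot get session ID cookie. Returning null.");
            return null;
        }
        org.restlet.data.Cookie sessionCookie =
                request.getCookies().getFirst(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        return sessionCookie == null ? null : sessionCookie.getValue();
    }

    /**
     * Builds the session-ID cookie. The cookie is access-restricted (HttpOnly) so client-side scripts
     * cannot read it.
     *
     * @param value the session ID, or an empty string when the cookie is being expired
     * @param maxAgeSeconds lifetime in seconds; {@code 0} tells the client to discard the cookie
     */
    private CookieSetting newSessionIdCookie(String value, int maxAgeSeconds) {
        CookieSetting cookie = new CookieSetting(ShiroHttpSession.DEFAULT_SESSION_ID_NAME, value);
        cookie.setAccessRestricted(true);
        // NOTE(review): the Secure flag is not set, so the cookie is also sent over plain HTTP. Confirm
        // whether this server sits behind TLS and, if so, call setSecure(true) here.
        cookie.setPath(SESSION_COOKIE_PATH);
        cookie.setComment(SESSION_COOKIE_COMMENT);
        cookie.setMaxAge(maxAgeSeconds);
        return cookie;
    }
}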